1. Field of the Invention
The present invention generally relates to a system and method for transaction authorization which allows a merchant to check for account authorization for a prospective customer. This can be for any type of customer, even, for example, a medical record linked to a patient. Specifically, the system and method of the present invention matches a generated alphanumeric string which is checked for every account and which is associated with an individual customer for pre-defined specified time spans. More specifically, the present invention allows the option to check an account's alphanumeric string for the time interval associated with an authorization request regardless if that request is beyond the specified time interval. The method of the present invention further allows for multiple relationships between customers, alphanumeric strings, and accounts. This results in more than one alphanumeric string which can be valid for the same account at the same time. Additional protection thresholds may be added as a part of this authorization process. By using this disclosed method and system, authorization of customer's transactions by merchants will be accomplished with heretofore unrealized transaction security.
2. Background of the Related Art
With a huge number of financial and information transactions carried out every day on the Internet, over the phone, and in person, a great need arises for the proper approval of each transaction. Currently most transactions (for example, credit card transactions) only require the signature of the cardholder and the account identification number for authorization. Processing a transaction in this way, is unreliable even when used with the best of intentions. However, when a transaction is entered by phone or by the internet (the number of which is expected to grow dramatically in the near future), even that limited security is not available. In fact, the same can be said about any application or information request carried over the Internet. With annual fraud in billions of dollars, there is a great need to protect such transactions with approval methods, for example, “authorization signatures” (for example, unpredictable alphanumeric strings valid for a specified time interval). This is necessary to provide increased security which would make the “authorization signature” difficult to forge or steal, even when it is exposed to another party carrying out a legitimate transaction. Such a system must be able to function even when not all of the accounts are participating in a newly introduced authorization procedure. This may be because not everyone may choose to participate in the new procedure or may be because a gradual phase-in may be desired.
The use of variable identification numbers, or random, or pseudorandom alphanumeric strings used as unpredictable codes which are changed at regular time intervals for authorization in a various security mechanisms, is not new. There are currently systems provided by Security Dynamics, which use a variable identification number (a “VIN”) with a password for computer system access authorization. This is generally disclosed in U.S. Pat. No. 5,988,497 to Michelle H. Wallace. This patent discloses a feature for credit card transaction authorization which operates by having users use a token-like device. This is typically a small hand-held device which generates a pseudorandom string of numbers which allows for computer system access for a specified time span by a user having the generated number string. At the end of the specified time interval, the number string is no longer operative and a new unpredictable string of numbers is generated for access to the computer system. Such disclosed authorization systems will deny authorization to a user who is not enrolled in the system.
Accordingly, there is now provided with this invention a system and method which will allow authorization to a user (in this case, a merchant or subscriber) for a customer who is not enrolled in the system. Multiple relationships between an alphanumeric string and accounts are also disclosed which results in more than one an alphanumeric string valid for the same account at the same time.